Problem solve Get help with specific problems with your technologies, process and projects.

How does User-based Rate Limiting (UBRL) do if I have oversubscribed a port or switch?

If a port or switch is oversubscribed, what does User-based Rate Limiting (UBRL) do? Does Weighted Fair Queuing come into play? How do I configure for this scenario, assuming I have the correct Supervisor Engine/Netflow combination?

UBRL is a form of Micro-Flow policing, allowing the administrator to rate limit traffic flows. Unlike a normal Micro-Flow policer, it allows a policer to be applied to all traffic to or from a specific user. The Micro-Flow policer differs in that it applies a rate-limiting policy on a per-flow basis. Whereas the aggregate policer limits the total amount of traffic entering that VLAN, the same Micro-Flow policer would only limit each flow to the stated rate. If a Micro-Flow policer were applied to the same VLAN enforcing a policing rule of 2 Mb, then no one flow entering any port in that VLAN could exceed 2 Mb. It is worth noting that although a Micro-Flow policer limits traffic for specific flows, it does not limit the number of flows that can be active in that VLAN.

To configure it you would use a similar method of a Micro-Flow policer. You would define an ACL for classification and refer that ACL in a class map. Then you create a policy map with the policer included. Within the policy map will be a policer statement. Normally, a Micro-Flow policer is identified by the use of the keyword flow. UBRL uses this keyword, but it also uses a flow mask keyword to set the flow mask required for this operation.

Example below tries to rate-limit traffic to 1Mb.

config)# access-list 10 permit ip host any
config)# class-map find-testtraffic
config-cmap)# match access-group 10
config)# policy-map police-testtraffic
config-pmap)# class find-testtraffic
config-pmap-c)# police flow mask src-only 1000000 5000 conform-action transmit exceed action drop
config-pmap-c)# interface gig3/1
config-if)# service-policy input police-testtraffic

This was last published in March 2010

Dig Deeper on Network Infrastructure